Icingaweb Directory Traversal In Static Library File Requests

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Icingaweb Directory Traversal in Static Library File Requests', 'Description' = %q Icingaweb versions from 2.9.0 to 2.9.5 inclusive, and 2.8.0 to...

Metasploit Weekly Wrap-Up

Throw another log file on the fire Our own Stephen Fewer authored a module targeting CVE-2023-26360 affecting ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier. The vulnerability allows multiple paths to code execution, but our module works by leveraging a...

Icingaweb Directory Traversal in Static Library File Requests

Icingaweb versions from 2.9.0 to 2.9.5 inclusive, and 2.8.0 to 2.8.5 inclusive suffer from an unauthenticated directory traversal vulnerability. The vulnerability is triggered through the icinga-php-thirdparty library, which allows unauthenticated users to retrieve arbitrary files from the target...

Directory Traversal

icingaweb is vulnerable to directory traversal. The vulnerability exists as arbitrary files are readable by the process running Icinga Web 2...